Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Check that archives are not created within paths to be removed is unreliable #29420

Closed
ansibot opened this issue Sep 11, 2017 · 8 comments · Fixed by #49443
Closed

Check that archives are not created within paths to be removed is unreliable #29420

ansibot opened this issue Sep 11, 2017 · 8 comments · Fixed by #49443
Labels
affects_2.2 This issue/PR affects Ansible v2.2 bug This issue/PR relates to a bug. module This issue/PR relates to a module. support:community This issue/PR relates to code supported by the Ansible community.

Comments

@ansibot
Copy link
Contributor

ansibot commented Sep 11, 2017

From @gonzolino on 2016-11-24T10:41:47Z

ISSUE TYPE
  • Bug Report
COMPONENT NAME

archive

ANSIBLE VERSION
ansible 2.2.0.0
  config file =
  configured module search path = Default w/o overrides
CONFIGURATION

N/A

OS / ENVIRONMENT

N/A

SUMMARY

When creating an archive with remove=True the archive module checks that the archive is not created within the paths to be removed.

Since the check is done with a simple dest.startswith(path), it can happen that the check reports that the archive destination is in path when path is a prefix of dest, but they are not on the same path. E.g. path=/tmp/test and dest=/tmp/test.tar.gz, here dest is outside of path, but the check would still report that the archive would be created in a path to be removed.

STEPS TO REPRODUCE

The following playbook contains two tasks. The first will work because path is not a prefix of dest, the second will fail because path is a prefix of dest.

---
- name: Test archive
  hosts: localhost
  tasks:
    - name: This will work
      archive:
        path: /tmp/test1/
        dest: /tmp/test1.tar.gz
        remove: True
    - name: This will fail
      archive:
        path: /tmp/test2
        dest: /tmp/test2.tar.gz
        remove: True
EXPECTED RESULTS
ACTUAL RESULTS
ansible-playbook test.yml -vvvv
No config file found; using defaults
 [WARNING]: Host file not found: /usr/local/etc/ansible/hosts

 [WARNING]: provided hosts list is empty, only localhost is available

Loading callback plugin default of type stdout, v2.0 from /usr/local/Cellar/ansible/2.2.0.0_1/libexec/lib/python2.7/site-packages/ansible/plugins/callback/__init__.pyc

PLAYBOOK: test.yml *************************************************************
1 plays in test.yml

PLAY [Test archive] ************************************************************

TASK [setup] *******************************************************************
Using module file /usr/local/Cellar/ansible/2.2.0.0_1/libexec/lib/python2.7/site-packages/ansible/modules/core/system/setup.py
<127.0.0.1> ESTABLISH LOCAL CONNECTION FOR USER: dgonzalez
<127.0.0.1> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo $HOME/.ansible/tmp/ansible-tmp-1479983438.63-62447650972295 `" && echo ansible-tmp-1479983438.63-62447650972295="` echo $HOME/.ansible/tmp/ansible-tmp-1479983438.63-62447650972295 `" ) && sleep 0'
<127.0.0.1> PUT /var/folders/_q/mrdgcdd124qf1ry_xbhzwt_x_yl1nx/T/tmp1g_Bzg TO /Users/dgonzalez/.ansible/tmp/ansible-tmp-1479983438.63-62447650972295/setup.py
<127.0.0.1> EXEC /bin/sh -c 'chmod u+x /Users/dgonzalez/.ansible/tmp/ansible-tmp-1479983438.63-62447650972295/ /Users/dgonzalez/.ansible/tmp/ansible-tmp-1479983438.63-62447650972295/setup.py && sleep 0'
<127.0.0.1> EXEC /bin/sh -c '/usr/local/Cellar/ansible/2.2.0.0_1/libexec/bin/python2.7 /Users/dgonzalez/.ansible/tmp/ansible-tmp-1479983438.63-62447650972295/setup.py; rm -rf "/Users/dgonzalez/.ansible/tmp/ansible-tmp-1479983438.63-62447650972295/" > /dev/null 2>&1 && sleep 0'
ok: [localhost]

TASK [This will work] **********************************************************
task path: /Users/dgonzalez/Documents/Thesis/repo/lab/ansible/playbooks/test.yml:5
Using module file /Users/dgonzalez/Documents/Thesis/repo/lab/ansible/playbooks/library/archive.py
<127.0.0.1> ESTABLISH LOCAL CONNECTION FOR USER: dgonzalez
<127.0.0.1> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo $HOME/.ansible/tmp/ansible-tmp-1479983439.38-146539138486929 `" && echo ansible-tmp-1479983439.38-146539138486929="` echo $HOME/.ansible/tmp/ansible-tmp-1479983439.38-146539138486929 `" ) && sleep 0'
<127.0.0.1> PUT /var/folders/_q/mrdgcdd124qf1ry_xbhzwt_x_yl1nx/T/tmpKGqjYA TO /Users/dgonzalez/.ansible/tmp/ansible-tmp-1479983439.38-146539138486929/archive.py
<127.0.0.1> EXEC /bin/sh -c 'chmod u+x /Users/dgonzalez/.ansible/tmp/ansible-tmp-1479983439.38-146539138486929/ /Users/dgonzalez/.ansible/tmp/ansible-tmp-1479983439.38-146539138486929/archive.py && sleep 0'
<127.0.0.1> EXEC /bin/sh -c '/usr/local/Cellar/ansible/2.2.0.0_1/libexec/bin/python2.7 /Users/dgonzalez/.ansible/tmp/ansible-tmp-1479983439.38-146539138486929/archive.py; rm -rf "/Users/dgonzalez/.ansible/tmp/ansible-tmp-1479983439.38-146539138486929/" > /dev/null 2>&1 && sleep 0'
changed: [localhost] => {
    "archived": [],
    "arcroot": "/tmp/test1/",
    "changed": true,
    "dest": "/tmp/test1.tar.gz",
    "expanded_paths": [
        "/tmp/test1/"
    ],
    "gid": 0,
    "group": "wheel",
    "invocation": {
        "module_args": {
            "backup": null,
            "content": null,
            "delimiter": null,
            "dest": "/tmp/test1.tar.gz",
            "directory_mode": null,
            "follow": false,
            "force": null,
            "format": "gz",
            "group": null,
            "mode": null,
            "owner": null,
            "path": "/tmp/test1.tar.gz",
            "regexp": null,
            "remote_src": null,
            "remove": true,
            "selevel": null,
            "serole": null,
            "setype": null,
            "seuser": null,
            "src": null,
            "unsafe_writes": null
        },
        "module_name": "archive"
    },
    "missing": [],
    "mode": "0644",
    "owner": "dgonzalez",
    "size": 60,
    "state": "file",
    "uid": 1441367741
}

TASK [This will fail] **********************************************************
task path: /Users/dgonzalez/Documents/Thesis/repo/lab/ansible/playbooks/test.yml:10
Using module file /Users/dgonzalez/Documents/Thesis/repo/lab/ansible/playbooks/library/archive.py
<127.0.0.1> ESTABLISH LOCAL CONNECTION FOR USER: dgonzalez
<127.0.0.1> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo $HOME/.ansible/tmp/ansible-tmp-1479983440.0-114483211257278 `" && echo ansible-tmp-1479983440.0-114483211257278="` echo $HOME/.ansible/tmp/ansible-tmp-1479983440.0-114483211257278 `" ) && sleep 0'
<127.0.0.1> PUT /var/folders/_q/mrdgcdd124qf1ry_xbhzwt_x_yl1nx/T/tmpWLomP4 TO /Users/dgonzalez/.ansible/tmp/ansible-tmp-1479983440.0-114483211257278/archive.py
<127.0.0.1> EXEC /bin/sh -c 'chmod u+x /Users/dgonzalez/.ansible/tmp/ansible-tmp-1479983440.0-114483211257278/ /Users/dgonzalez/.ansible/tmp/ansible-tmp-1479983440.0-114483211257278/archive.py && sleep 0'
<127.0.0.1> EXEC /bin/sh -c '/usr/local/Cellar/ansible/2.2.0.0_1/libexec/bin/python2.7 /Users/dgonzalez/.ansible/tmp/ansible-tmp-1479983440.0-114483211257278/archive.py; rm -rf "/Users/dgonzalez/.ansible/tmp/ansible-tmp-1479983440.0-114483211257278/" > /dev/null 2>&1 && sleep 0'
fatal: [localhost]: FAILED! => {
    "changed": false,
    "failed": true,
    "gid": 0,
    "group": "wheel",
    "invocation": {
        "module_args": {
            "backup": null,
            "content": null,
            "delimiter": null,
            "dest": "/tmp/test2.tar.gz",
            "directory_mode": null,
            "follow": false,
            "force": null,
            "format": "gz",
            "group": null,
            "mode": null,
            "owner": null,
            "path": [
                "/tmp/test2"
            ],
            "regexp": null,
            "remote_src": null,
            "remove": true,
            "selevel": null,
            "serole": null,
            "setype": null,
            "seuser": null,
            "src": null,
            "unsafe_writes": null
        },
        "module_name": "archive"
    },
    "mode": "0755",
    "msg": "Error, created archive can not be contained in source paths when remove=True",
    "owner": "dgonzalez",
    "path": "/tmp/test2",
    "size": 68,
    "state": "directory",
    "uid": 1441367741
}
	to retry, use: --limit @/Users/dgonzalez/Documents/Thesis/repo/lab/ansible/playbooks/test.retry

PLAY RECAP *********************************************************************
localhost                  : ok=2    changed=1    unreachable=0    failed=1

Copied from original issue: ansible/ansible-modules-extras#3537
@ansibot
Copy link
Contributor Author

ansibot commented Sep 11, 2017

From @ansibot on 2016-11-24T10:41:47Z

@bendoh ping, this issue is waiting for your response.
click here for bot help

@ansibot
Copy link
Contributor Author

ansibot commented Sep 11, 2017

From @bendoh on 2016-11-24T10:41:47Z

Cool, thanks for the report 👍 I'll look into it ASAP!

@ansibot
Copy link
Contributor Author

ansibot commented Sep 11, 2017

From @gonzolino on 2016-11-24T10:41:47Z

@bendoh Thanks, I already tried to fix it (see #3538), but it seems like there is a problem with the syntax, which is weird since it runs on my laptop...

@ansibot
Copy link
Contributor Author

ansibot commented Sep 11, 2017

From @bendoh on 2016-11-24T10:41:47Z

Yeah, that's a 2.5 syntax: http://stackoverflow.com/a/10314837/901644

@ansibot
Copy link
Contributor Author

ansibot commented Sep 11, 2017

From @bendoh on 2016-11-24T10:41:47Z

Ansible python modules should be compatible with Python 2.3 to pass all checks

@ansibot
Copy link
Contributor Author

ansibot commented Sep 11, 2017

From @gonzolino on 2016-11-24T10:41:47Z

ok thanks, I did not know this. I will update my patch.

@ansibot ansibot mentioned this issue Sep 11, 2017
Closed
@ansibot ansibot added affects_2.2 This issue/PR affects Ansible v2.2 bug_report module This issue/PR relates to a module. support:community This issue/PR relates to code supported by the Ansible community. labels Sep 11, 2017
@TheKnightCoder
Copy link

has this been fixed yet? having the same probelm

@ansibot ansibot added bug This issue/PR relates to a bug. and removed bug_report labels Mar 1, 2018
@v-sukt
Copy link

v-sukt commented Mar 14, 2018

facing the same issue. Is there any workaround for time-being? I need the directory removed along with the files it contains after archiving.
If I add / suffix from path the files are archived stripping the directory-path and removed but directory remains - I expected it to archive with the path of parent directory.

@ansibot ansibot added support:core This issue/PR relates to code supported by the Ansible Engineering Team. and removed support:community This issue/PR relates to code supported by the Ansible community. labels Sep 14, 2018
@ansibot ansibot added needs_maintainer Ansibot is unable to identify maintainers for this PR. (Check `author` in docs or BOTMETA.yml) support:community This issue/PR relates to code supported by the Ansible community. and removed support:core This issue/PR relates to code supported by the Ansible Engineering Team. labels Oct 8, 2018
@ansibot ansibot removed the needs_maintainer Ansibot is unable to identify maintainers for this PR. (Check `author` in docs or BOTMETA.yml) label Nov 10, 2018
feranwq pushed a commit to feranwq/ansible that referenced this issue Dec 3, 2018
archive: Fix check if archive is created in path to be removed (ansib…
3a45de4 
…le#29420)
@feranwq feranwq mentioned this issue Dec 3, 2018
Merged
feranwq pushed a commit to feranwq/ansible that referenced this issue Dec 3, 2018
archive: Fix check if archive is created in path to be removed (ansib…
9640c2d 
…le#29420)

(cherry picked from commit 3a45de4)
@feranwq feranwq mentioned this issue Dec 3, 2018
Merged
abadger pushed a commit that referenced this issue Jan 7, 2019
@abadger
archive: Fix check if archive is created in path to be removed (#29420)
1d3d6a3
kbreit pushed a commit to kbreit/ansible that referenced this issue Jan 11, 2019
@kbreit
archive: Fix check if archive is created in path to be removed (ansib…
f976b43 
…le#29420)
abadger pushed a commit that referenced this issue Jan 18, 2019
@feranwq @abadger
archive: Fix check if archive is created in path to be removed (#29420)…
f2d4187 
… (#49444)

* archive: Fix check if archive is created in path to be removed (#29420)

(cherry picked from commit 3a45de4)

* add changelog
@ansible ansible locked and limited conversation to collaborators Jul 22, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
affects_2.2 This issue/PR affects Ansible v2.2 bug This issue/PR relates to a bug. module This issue/PR relates to a module. support:community This issue/PR relates to code supported by the Ansible community.
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

archive: Fix check if archive is created in path to be removed (#29420) feranwq/ansible
3 participants
@ansibot @v-sukt @TheKnightCoder